RC4, designed by Rivest, is widely used including WPA, which is one of the security protocols for IEEE 802.11 wireless standard. The first 3-byte RC4 keys in WPA generated by IV are known since IV can be obtained by observing a packet. In 2014, Sen Gupta et al. found linear correlations between the keystream byte and known RC4 key bytes. In 2015, Our previous work extended linear correlations to include unknown internal states as well as the keystream byte and known RC4 key bytes. They found more than 150 linear correlations experimentally, and proved only 6 cases theoretically. In this paper, we will provide theoretical proof of 15 cases out of their unproven linear correlations. These theoretical results demonstrated how TKIP key generation procedure in WPA induces biases on internal states different from generic RC4.20th Australasian Conference, ACISP 2015, Brisbane, QLD, Australia, June 29 - July 1, 2015, Proceedings

This is the author-created version of Springer, Ryoma Ito, Atsuko Miyaji, Lecture Notes in Computer Science, 9144, 2015, 329-342. The original publication is available at www.springerlink.com, http://dx.doi.org/10.1007/978-3-319-19962-7_19